It's quite a disturbing discovery with some serious implications.
Hollow's server is a GNU/Linux server, and he was able to tell, just from looking at the raw hard drive data (which is a simple one-liner command on GNU/Linux, e.g. strings /dev/sda), that the previous user ran Windows on it. He was able to retrieve pieces of registry data, emails, and other data.
What this means:
- Say you decide to move hosts, or discontinue a server: the next person that gets your hard drive (hosting companies recycle a lot, of course) also gets all of your data if you don't properly wipe your hard drive before discontinuing the server.
- When you get a new server, all the old data is still floating around on the hard drive, just invisible to your OS.
This means that if your server were ever subjected to an investigation by authorities for whatever reason, and the old owner had illegal material on it, they could easily think it's data you deleted.
Thus it is a good idea to not only wipe the hard drive when leaving a host, but also when getting a new server.
How to properly wipe data:
Obviously, if the data survives a reformat, it will also survive when you simply delete the files.
The only way to be certain the data is gone, is by actually overwriting the physical data on the disk with random data.
On GNU/Linux there is a utility called 'shred' which offers a secure way of removing files by overwriting the physical data multiple times with random data, unlike 'rm' which only removes the links to the physical data, so the file 'appears' gone.
Alternatively you can use dd to overwrite the entire hard drive like so:
dd if=/dev/urandom of=/dev/sda
(where sda = the hard drive to erase, of course)
Perhaps someone can give some tips on what to use on Windows servers to properly wipe data.
The problem on Windows is that the OS typically stops working when it's erasing itself (which is not the case on *nix when you use a statically linked application that can run from memory, like dd).
I have always been aware that data is not removed after a reformat or after removing a file. Though I must admit I never connected the dots, thinking about the implications when it comes to server hosting.
I think this practical experiment Hollow did clearly illustrates that the dangers of not wiping data are real!
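The overwrite described in the post above, followed by a check that the old data is really gone, shown here as an added example that is not part of the original post. It works on a scratch image file instead of a real device; the marker string, the image size and the function names are constructed for the illustration, and GNU dd and grep are assumed.

```shell
#!/bin/sh
# Added example: runs against a temporary image file, never a real disk.
# MARKER is constructed sample data standing in for a previous tenant's files.
MARKER='CONSTRUCTED-LEFTOVER-mail-from-previous-tenant'

# make_image PATH: build a 1 MiB stand-in "disk" that still holds old data.
make_image() {
    dd if=/dev/zero of="$1" bs=1024 count=1024 2>/dev/null
    # Plant the marker mid-image, like stale blocks the new OS never touched.
    printf '%s' "$MARKER" | dd of="$1" bs=1024 seek=512 conv=notrunc 2>/dev/null
}

# leftover_count PATH: how many times the marker is readable in the raw bytes.
# grep -a treats binary as text, which is what 'strings | grep' would reveal.
leftover_count() {
    grep -a -o -F -e "$MARKER" "$1" | wc -l | tr -d ' '
}

# wipe_image PATH: overwrite every byte in place with random data.
# conv=notrunc keeps the size fixed, mirroring a block device.
wipe_image() {
    size_kib=$(( $(wc -c < "$1") / 1024 ))
    dd if=/dev/urandom of="$1" bs=1024 count="$size_kib" conv=notrunc 2>/dev/null
    sync
}

# demo: prints "<hits before wipe> <hits after wipe> <image size in bytes>".
demo() {
    img=$(mktemp)
    make_image "$img"
    before=$(leftover_count "$img")
    wipe_image "$img"
    after=$(leftover_count "$img")
    size=$(wc -c < "$img" | tr -d ' ')
    rm -f "$img"
    echo "$before $after $size"
}

demo   # prints: 1 0 1048576
```

The same before-and-after check applies to a real disk by pointing the count at the device node once the overwrite has finished, using a string known to have been on it.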